After you register information about a Hive cluster that supports Kerberos authentication in the Realtime Compute for Apache Flink console, Realtime Compute for Apache Flink deployments can access the Hive cluster. This topic describes how to register a Hive cluster that supports Kerberos authentication.
Background information
Kerberos is a computer-network authentication protocol that is used for identity authentication to ensure the security of communication. If your Realtime Compute for Apache Flink deployment needs to access a Hive cluster that supports Kerberos authentication, you must register the Hive cluster in the Realtime Compute for Apache Flink console and specify the Hive cluster information in the Realtime Compute for Apache Flink deployment.
Limits
Only Hive clusters of Hadoop 2.x and Hadoop 3.x that support Kerberos authentication are supported.
NoteOnly Realtime Compute for Apache Flink that uses Ververica Runtime (VVR) 8.0.7 or later supports Hadoop 2.x.
You can register only one Hive cluster that supports Kerberos authentication in a workspace.
SQL deployments cannot access the Hive cluster that supports Kerberos authentication.
Precautions
If you no longer require a Hive cluster that supports Kerberos authentication, you can delete the cluster to disassociate the cluster from Realtime Compute for Apache Flink. If you disassociate a Hive cluster that supports Kerberos authentication from a Realtime Compute for Apache Flink workspace, the deployments that use the Kerberos service in all namespaces of the workspace fail to run. Proceed with caution when you perform this operation.
Procedure
Go to the page for registering information about a Hive cluster that supports Kerberos authentication.
Log on to the Realtime Compute for Apache Flink console.
find the workspace that you want to manage and click Console in the Actions column.
In the left-side navigation pane, click
.
On the Security page, click the Hive Kerberos tab. On the Hive Kerberos tab, click Add Kerberos.
In the Add Kerberos dialog box, configure the parameters. The following table describes the parameters.
Parameter
Description
Kerberos Name
Enter the name of the Hive cluster that supports Kerberos authentication.
Kerberos Keytab
Keytab is a file that contains principals and encrypted principal keys. You can access the Keytab file to pass Kerberos authentication as a principal.
Enter the path of the Keytab file of Kerberos. You can click the button on the right side of the Kerberos Keytab parameter to upload the required file. Then, you can select the file that you upload.
Kerberos Krb5.conf
Krb5.conf is a configuration file in the Kerberos authentication environment. The file is used to specify the connection mode and security parameters between Kerberos clients and servers. The file is also used to specify the locations of Kerberos components.
Enter the path of the Krb5.conf file of Kerberos. You can click the button on the right side of the Kerberos Krb5.conf parameter to upload the required file. Then, you can select the file that you upload.
Click OK.
If you no longer require a Hive cluster that supports Kerberos authentication, find the cluster and click Delete in the Actions column to disassociate the cluster from Realtime Compute for Apache Flink.